This site requires JavaScript to be enabled
External Customer KB > General > Configuring SAML for Asana
Configuring SAML for Asana
Article: KB0010149 Published: 05/25/2021 Last modified: 05/25/2021

This article describes how to configure OneLogin to provide SSO for Asana using SAML. 

  1. Log into OneLogin as a Super user or Account Owner.

  2. Go to to Apps > Add Apps.

  3. Search for Asana and select it.

  4. On the initial Configuration tab, click Save to add the app to your Company Apps and display additional configuration tabs.

    The Info tab appears.

  5. Go to the Parameters tab to confirm the mapping of OneLogin values to Asana attributes.

    NameID (Subject) is included in the SAML assertion passed by OneLogin to Asana. You should keep the default OneLogin value of Email.

    The SCIM Username is used for provisioning. See Provisioning for Asana.

    In most cases, you should keep the Configured by admin default. For more information, see Setting Credential Configuration Options.

  6. Go to the SSO tab to copy the SAML 2.0 Endpoint (HTTP) and X.509 Certificate; you will provide these to Asana in the next step.

    To copy the X.509 Certificate, click View Details to launch the certificate edit page and then copy the entire contents of the X.509 Certificate field, including "----BEGIN CERTIFICATE----" and "----END CERTIFICATE----".

    If you want to change the certificate before copying, click Change under X.509 Certificate and follow the prompts.

  7. In another browser tab or window, go to your Asana account to configure OneLogin as an IdP.

    Note. Asana can change this process at any time. For the most up-to-date instructions, see the Asana documentation at https://asana.com/guide/help/premium/authentication#gl-saml.


    1. Log in as an admin.

    2. Click your profile photo and select Organization Settings from the drop-down menu.

    3. Go to the Administration tab.

    4. Select the Members must log in via SAML option.

    5. Paste the your OneLogin SAML 2.0 Endpoint (HTTP) value in the Asana Sign-in page URL field and the X.509 certificate in the X.509 Certificate field.

    6. Click Save.

  8. Return to OneLogin and go to the Access tab to assign the OneLogin roles that should have access to Asana and provide any app security policy that you want to apply to your Asana users.

    You can also go to Users > All Users to add the app to individual user accounts.

    Note. You may want to give access to yourself or a test account and test your completed OneLogin SAML integration with Asana before you assign additional roles on this tab. See step 10, below.

  9. Click Save.

  10. Test the SAML connection.


    1. Ensure that you have a user account in both OneLogin and Asana that uses the same email.

      You can create a test user, or you can use your own account if you choose.

    2. Make sure that you are logged out of Asana.

    3. Log in to OneLogin as an admin and give the test user (or yourself) access to the Asana app in OneLogin. (See step 7 above)

    4. Log in to OneLogin as the test user.

    5. Go to your Asana login page before your OneLogin session ends.

      If the test user is granted access to Asana without having to provide login credentials, then SAML works.

Next steps:

Provisioning for Asana

Expand/Collapse Comments
:     
Was this helpful?
YesYesNoNo